SHTree: A Structural Encrypted Traffic Fingerprint Generation Method for Multiple Classification Tasks
In recent years, encrypted traffic classification has been found widespread applications in the field of cybersecurity. Its main challenge lies in accurately represent traffic when features are obscured due to encryption. To address this, researchers utilize fingerprint construction methods based on...
Saved in:
| Published in | 2024 IEEE Symposium on Computers and Communications (ISCC) pp. 1 - 7 |
|---|---|
| Main Authors | , , , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IEEE
26.06.2024
|
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | In recent years, encrypted traffic classification has been found widespread applications in the field of cybersecurity. Its main challenge lies in accurately represent traffic when features are obscured due to encryption. To address this, researchers utilize fingerprint construction methods based on statistical information or employ Deep Learning (DL) for traffic representation. However, in previous methods of feature selection, flat key-value pair features, or raw packet bytes are often used, ignoring the structured information embedded in packets and flows. Therefore, We propose a novel structured encrypted traffic fingerprint generation method called SHTree. It constructs traffic fingerprints using a set of tree-based structures to represent traffic, encapsulating structural features from the traffic, enhancing the representation of traffic. This enables it to adapt to various classification tasks through general feature selection. The experiments demonstrate that our method achieves comparable accuracy to state-of-the-art Large Language Models (LLMs), with an F1 score higher by 0.5% on specific tasks. Meanwhile, it outperforms by three orders of magnitude in classification speed. In unsupervised abnormal detection tasks, the True Positive Rate (TPR) exceeds 99%, while maintaining a False Positive Rate (FPR) of 0.5%. |
|---|---|
| AbstractList | In recent years, encrypted traffic classification has been found widespread applications in the field of cybersecurity. Its main challenge lies in accurately represent traffic when features are obscured due to encryption. To address this, researchers utilize fingerprint construction methods based on statistical information or employ Deep Learning (DL) for traffic representation. However, in previous methods of feature selection, flat key-value pair features, or raw packet bytes are often used, ignoring the structured information embedded in packets and flows. Therefore, We propose a novel structured encrypted traffic fingerprint generation method called SHTree. It constructs traffic fingerprints using a set of tree-based structures to represent traffic, encapsulating structural features from the traffic, enhancing the representation of traffic. This enables it to adapt to various classification tasks through general feature selection. The experiments demonstrate that our method achieves comparable accuracy to state-of-the-art Large Language Models (LLMs), with an F1 score higher by 0.5% on specific tasks. Meanwhile, it outperforms by three orders of magnitude in classification speed. In unsupervised abnormal detection tasks, the True Positive Rate (TPR) exceeds 99%, while maintaining a False Positive Rate (FPR) of 0.5%. |
| Author | Ma, Minghao Yin, Qilei Zong, Yangyang Shi, Zhixin |
| Author_xml | – sequence: 1 givenname: Minghao surname: Ma fullname: Ma, Minghao email: maminghao@iie.ac.cn organization: Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China – sequence: 2 givenname: Zhixin surname: Shi fullname: Shi, Zhixin email: shizhixin@iie.ac.cn organization: Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China – sequence: 3 givenname: Qilei surname: Yin fullname: Yin, Qilei email: yinql@zgclab.edu.cn organization: Zhongguancun Laboratory,Beijing,China – sequence: 4 givenname: Yangyang surname: Zong fullname: Zong, Yangyang email: zongyangyang@iie.ac.cn organization: Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China |
| BookMark | eNqFjr1OwzAUhQ2iUlvoGyBxX6DBP0mcdENRSxk6JXtlpdfUYJzo2hn69lQCZqYznO98Okt2F4aAjD0JngnB6-e3tmlKUWqVSS7zTHCtVCnlDVvVuq5UwVWRSyVv2UKWuVxrVdVztozxg3NeFVIvmG33HSFu4AXaRFOfJjIetqGny5jwBB0Za10POxfekUZyIcErBiST3BDggOk8nMAOBIfJJzd6hMabGN119IN0Jn7GBzazxkdc_eY9e9xtu2a_doh4vGq_DF2Of__VP_U3audMAw |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/ISCC61673.2024.10733622 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library Online IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library Online url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering Computer Science |
| EISBN | 9798350354232 |
| EISSN | 2642-7389 |
| EndPage | 7 |
| ExternalDocumentID | 10733622 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IF 6IH 6IK 6IL 6IN AAJGR ACGFS ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IPLJI JC5 OCL RIE RIL |
| ID | FETCH-ieee_primary_107336223 |
| IEDL.DBID | RIE |
| IngestDate | Wed Nov 06 05:53:24 EST 2024 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-ieee_primary_107336223 |
| ParticipantIDs | ieee_primary_10733622 |
| PublicationCentury | 2000 |
| PublicationDate | 2024-June-26 |
| PublicationDateYYYYMMDD | 2024-06-26 |
| PublicationDate_xml | – month: 06 year: 2024 text: 2024-June-26 day: 26 |
| PublicationDecade | 2020 |
| PublicationTitle | 2024 IEEE Symposium on Computers and Communications (ISCC) |
| PublicationTitleAbbrev | ISCC |
| PublicationYear | 2024 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0008527 |
| Score | 4.6175685 |
| Snippet | In recent years, encrypted traffic classification has been found widespread applications in the field of cybersecurity. Its main challenge lies in accurately... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | Accuracy Computer security Computers Decision making Deep learning Encryption Feature extraction Fingerprint recognition Large language models Network Security Network Traffic Classification Telecommunication traffic Traffic Fingerprint |
| Title | SHTree: A Structural Encrypted Traffic Fingerprint Generation Method for Multiple Classification Tasks |
| URI | https://ieeexplore.ieee.org/document/10733622 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LT4NAEJ5oT3qp1hof1czBK0hZ2C3eTFOCJjQmYNJb04Xl0oQ2LT3or3dngfqIJh5INoQFJpOdmZ395huAu0KHQqIQymIeKyx9ZdYo97kVCMfzpGBZkFO9czzl0av3PPNnTbG6qYVRShnwmbJpaM7y81W2o1SZXuFE3udqi3sogqAu1tqb3ZHvigbANXSC-6dkPOZDLpjeA7qe3U791kTF-JCwC9P26zV0ZGnvKmln7z-IGf_9eyfQ_yzXw5e9IzqFA1X2oNv2a8Bm-fbg-Av54BkUSZRulHrAR0wMiSwRcOCkzDZvax2GovZiRC-BoUn8Uf6vwpqkmnSJsWk9jTrmxbgBJaLpsEnYo_qRdLFdbvswCCfpOLJIkvm6JreYt0Kwc-iUq1JdALqO4JIF0qXNo1owKWWWi2Gh7ShXjj-6hP6vr7j64_41HJFOCHDl8gF0tIzqRrv2St4alX4ApfCoWA |
| link.rule.ids | 310,311,783,787,792,793,799,27937,55086 |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LT4NAEJ6YelAv1Vrjo-oevIKUhV3wZkgbqoWYFJPemi4slya0aelBf707C9RHNPFAsiEsMJnszOzsN98A3OUqFOI5lwZ1aG6oKzW8zGWGzy3HEZymfob1zlHMwlfnaepO62J1XQsjpdTgM2niUJ_lZ8t0i6kytcKRvM9WFndfBdYeq8q1dobXc21eQ7j6ln8_mgQB6zNO1S7Qdsxm8rc2KtqLDNsQN9-vwCMLc1sKM33_Qc347x88hu5nwR552bmiE9iTRQfaTccGUi_gDhx9oR88hXwSJmspH8gjmWgaWaTgIIMiXb-tVCBKlB9Dggky1Kk_zACWpKKpRm2SSDefJirqJVENSyS6xyaij6pHkvlmselCbzhIgtBASWarit5i1ghBz6BVLAt5DsS2OBPUFzZuH-WcCiHSjPdzZUmZtFzvArq_vuLyj_u3cBAm0Xg2HsXPV3CI-kH4lc160FLyymvl6Etxo9X7AZ0nq6M |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2024+IEEE+Symposium+on+Computers+and+Communications+%28ISCC%29&rft.atitle=SHTree%3A+A+Structural+Encrypted+Traffic+Fingerprint+Generation+Method+for+Multiple+Classification+Tasks&rft.au=Ma%2C+Minghao&rft.au=Shi%2C+Zhixin&rft.au=Yin%2C+Qilei&rft.au=Zong%2C+Yangyang&rft.date=2024-06-26&rft.pub=IEEE&rft.eissn=2642-7389&rft.spage=1&rft.epage=7&rft_id=info:doi/10.1109%2FISCC61673.2024.10733622&rft.externalDocID=10733622 |